srvrco / getssl

Obtain free SSL certificates from letsencrypt ACME server. Suitable for automating the process on remote servers.
GNU General Public License v3.0

revoke : Invalid key file ? + --account-id bug ? #824

Open lolo888 opened 7 months ago

lolo888 commented 7 months ago
root@za4:~# getssl -r /etc/getssl/account.key /etc/getssl/exemple.com/bak/exemple.com.key
getssl: ACME server returned error: 400:   "detail": "Unable to parse certificate DER",

root@za4:~# getssl -r /etc/getssl/exemple.com/bak/exemple.com.key /etc/getssl/exemple.com/bak/exemple.com.crt
getssl: Invalid key file

root@za4:~# getssl -w /etc/getssl/ --account-id /etc/getssl/account.key
/etc/getssl/account.key: ACL location not specified for domain /etc/getssl/account.key in /etc/getssl///etc/getssl/account.key/getssl.cfg
/etc/getssl/account.key: DNS lookup failed for /etc/getssl/account.key
getssl: /etc/getssl/account.key: exiting due to config errors
root@za4:~# getssl -w /etc/getssl/ --account-id /etc/getssl/exemple.com/exemple.com.key
/etc/getssl/exemple.com/exemple.com.key: ACL location not specified for domain /etc/getssl/exemple.com/exemple.com.key in /etc/getssl///etc/getssl/exemple.com/exemple.com.key/getssl.cfg
/etc/getssl/exemple.com/exemple.com.key: DNS lookup failed for /etc/getssl/exemple.com/exemple.com.key
getssl: /etc/getssl/exemple.com/exemple.com.key: exiting due to config errors
root@za4:~# getssl --account-id /etc/getssl/exemple.com/exemple.com.key
/etc/getssl/exemple.com/exemple.com.key: ACL location not specified for domain /etc/getssl/exemple.com/exemple.com.key in /etc/getssl//etc/getssl/exemple.com/exemple.com.key/getssl.cfg
/etc/getssl/exemple.com/exemple.com.key: DNS lookup failed for /etc/getssl/exemple.com/exemple.com.key
getssl: /etc/getssl/exemple.com/exemple.com.key: exiting due to config errors
root@za4:~# getssl --account-id /etc/getssl/account.key 
/etc/getssl/account.key: ACL location not specified for domain /etc/getssl/account.key in /etc/getssl//etc/getssl/account.key/getssl.cfg
/etc/getssl/account.key: DNS lookup failed for /etc/getssl/account.key
getssl: /etc/getssl/account.key: exiting due to config errors
root@za4:~# getssl --account-id /etc/getssl/exemple.com
/etc/getssl/exemple.com: ACL location not specified for domain /etc/getssl/exemple.com in /etc/getssl//etc/getssl/exemple.com/getssl.cfg
/etc/getssl/exemple.com: DNS lookup failed for /etc/getssl/exemple.com
getssl: /etc/getssl/exemple.com: exiting due to config errors

getssl v2.48

timkimber commented 7 months ago

Hi @lolo888

The syntax for revoking a certificate is: --revoke "cert" "key" [CA_server]

So you would need to do: getssl -w /etc/getssl/ /etc/getssl/exemple.com/bak/exemple.com.crt /etc/getssl/exemple.com/bak/exemple.com.key

I will add a "how to revoke a key" section to the wiki and also improve the error checking around both the revoke function and the --account-id option. Thanks for the great examples of where the output is especially unhelpful.

Note: I currently have very little time to work on getssl due to work commitments

lolo888 commented 7 months ago

Hi

> So you would need to do: getssl -w /etc/getssl/ /etc/getssl/exemple.com/bak/exemple.com.crt /etc/getssl/exemple.com/bak/exemple.com.key

getssl: invalid command line /etc/getssl/exemple.com/bak/exemple.com.crt - it appears to contain more than one domain

It contains only exemple.com and ftp.exemple.com

lolo888 commented 7 months ago

Oops!

getssl -w /etc/getssl/ -r /etc/getssl/exemple.com/bak/exemple.com.crt /etc/getssl/exemple.com/bak/exemple.com.key

certificate revoked

Thanks 👍
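The argument mix-ups in this thread (a key file passed where `-r` expects the certificate, or the account key passed instead of the domain key) can be caught locally before anything is sent to the ACME server. The following pre-flight check is an added example, not part of getssl or of the original thread; the function names `pem_kind` and `check_revoke_args` are hypothetical, and it assumes `openssl` is installed and both files are unencrypted PEM.

```shell
# Pre-flight check for "getssl -r CERT KEY": classify both files with openssl
# and confirm the key belongs to the certificate before contacting the CA.

# Print "cert", "key" or "unknown" for a PEM file.
pem_kind() {
    if openssl x509 -in "$1" -noout 2>/dev/null; then
        echo cert
    elif openssl pkey -in "$1" -noout 2>/dev/null; then
        echo key
    else
        echo unknown
    fi
}

# Return 0 only when $1 is a certificate, $2 is a private key, and the
# public key embedded in the certificate matches the private key.
# Return codes: 1 = first argument wrong, 2 = second argument wrong, 3 = mismatch.
check_revoke_args() {
    local cert key cert_pub key_pub
    cert=$1
    key=$2
    if [ "$(pem_kind "$cert")" != cert ]; then
        echo "first argument is a $(pem_kind "$cert") file, expected a certificate" >&2
        return 1
    fi
    if [ "$(pem_kind "$key")" != key ]; then
        echo "second argument is a $(pem_kind "$key") file, expected a private key" >&2
        return 2
    fi
    # Both commands emit the SubjectPublicKeyInfo as PEM, so a string compare suffices.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the certificate" >&2
        return 3
    fi
    return 0
}

# Example use (paths are placeholders):
#   check_revoke_args domain.crt domain.key && getssl -w /etc/getssl/ -r domain.crt domain.key
```

A return code of 1 corresponds to the swapped-argument cases shown at the top of the thread; 3 catches passing the account key or a key from a different certificate.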